Re: [PATCH] [www] cvsync.html - use class="cmdbox"
On Wed, Apr 17, 2019 at 11:41:18PM +0100, Raf Czlonka wrote: > On Wed, Apr 17, 2019 at 10:53:54PM BST, Theo Buehler wrote: > > On Wed, Apr 17, 2019 at 11:34:56PM +0200, Solene Rapenne wrote: > > > On Wed, Apr 17, 2019 at 09:55:26PM +0100, Raf Czlonka wrote: > > > > Hi all, > > > > > > > > Similar to other pages[0][1], use class="cmdbox", add prompt character > > > > where appropriate, and remove superfluous indentation while there. > > > > > > > > [0] https://www.openbsd.org/anoncvs.html > > > > [1] https://www.openbsd.org/ddb.html > > > > > > > > Regards, > > > > > > > > Raf > > > > > > this looks much better with this > > > > > > ok solene@ > > > > > > > Please send a diff for www/build/mirrors/cvsync.html.* instead > > After cvsync.html -> build/mirrors/cvsync.html.head change, the patch > applies just fine but, as requested, re-done for the > build/mirrors/cvsync.html.head below anyway. Looks good. ok tb Solene, can you take care of committing this? > > > hiro$ head -1 cvsync.html > > > > Arghhh... force of habit: > > $ vi +/pre cvsync.html > > :^P > > Cheers, > > Raf > > Index: build/mirrors/cvsync.html.head > === > RCS file: /cvs/www/build/mirrors/cvsync.html.head,v > retrieving revision 1.36 > diff -u -p -r1.36 cvsync.html.head > --- build/mirrors/cvsync.html.head2 Apr 2018 02:48:19 - 1.36 > +++ build/mirrors/cvsync.html.head17 Apr 2019 22:37:34 - > @@ -57,8 +57,8 @@ CVS is part of OpenBSD's base system. > CVSync is an entirely different program and can be installed from > packages: > > - > -pkg_add cvsync > + > +# pkg_add cvsync > > > Do not build your own copy from unmodified upstream source - 
> @@ -69,17 +69,17 @@ used in the OpenBSD repository. > In order to mirror the OpenBSD repository with CVSync, > the following configuration file might be used: > > - > - config { > - hostname anoncvs.eu.openbsd.org > - # If your network link is a T1 or faster, comment out the following > line. > - compress > - collection { > - name openbsd release rcs > - prefix /cvs > - umask 002 > - } > - } > + > +config { > +hostname anoncvs.eu.openbsd.org > +# If your network link is a T1 or faster, comment out the following line. > +compress > +collection { > + name openbsd release rcs > + prefix /cvs > + umask 002 > +} > +} > > > > @@ -93,8 +93,8 @@ The local copy of the files are stored i > Assuming this file is saved as cvs-syncfile, the > following command would be used to invoke cvsync > > - > -cvsync -c cvs-syncfile > + > +$ cvsync -c cvs-syncfile > > > Getting Started Using Rsync > @@ -104,13 +104,13 @@ file synchronization program. > Again this should be installed from packages. > Two flavours are available: > > - > - # pkg_add rsync > - Ambiguous: choose package for rsync > - a 0: > - 1: rsync-3.1.2p0 > - 2: rsync-3.1.2p0-iconv > - Your choice: > + > +# pkg_add rsync > +Ambiguous: choose package for rsync > +a0: > + 1: rsync-3.1.2p0 > + 2: rsync-3.1.2p0-iconv > +Your choice: > > > Unless you have other requirements, simply install the standard version > @@ -118,15 +118,15 @@ Unless you have other requirements, simp > You can select the flavour on the command-line to avoid > pkg_add(1) prompting for the > version like so: > - > - pkg_add rsync-- > + > +# pkg_add rsync-- > > > In order to mirror the OpenBSD repository with rsync, > the following command line might be used: > > - > - rsync -avz --delete rsync://obsdacvs.cs.toronto.edu/obsdcvs/ > /cvs/ > + > +$ rsync -avz --delete rsync://obsdacvs.cs.toronto.edu/obsdcvs/ /cvs/ > > > Using CVS to Work With Your Repository 
> @@ -135,10 +135,10 @@ Now that you have a local copy of the CV > to check out, update, or do any of the other CVS operations you would > normally do against a remote repository, locally. > For example: > - > -cvs -d/cvs checkout -P src > -cvs -d/cvs up -Pd > -cvs -d/cvs diff -u file.c > + > +$ cvs -d/cvs checkout -P src > +$ cvs -d/cvs up -Pd > +$ cvs -d/cvs diff -u file.c > > More details on CVS operation can be found in > FAQ5, Fetching appropriate source
Re: update to PF pfctl(8) and pf.conf(5) manpages
On Thu, Apr 18, 2019 at 02:40:09AM +0200, Alexandr Nedvedicky wrote:
> Hello Ingo,
>
> thank you for all your suggestions. I've accepted all of them.
> updated diff is below.
>
> let me just share some thoughts and clarifications here.
>

morning.

i have to say upfront that i dislike this idea of dividing options into classes and then for every option, altering the text to something unwieldy like: This runtime option... it reads very poorly, and this page is big enough as is without fleshing it out more.

on the other hand, i do like that you are concretely documenting defaults. even if that causes us some work, i think it's helpful enough to justify it. you've suggested another idea, which is to add an option to display the defaults.

so i don't really want to dig in to your diff until i see whether this stuff is going in or not. but i think if it does, i'd like to find another way to do it. one possibility is to not make anyone worry about what kind of option they are dealing with, and just list in the description of Reset exactly what is affected. i admit i don't know if that is practical. another possibility would be to just add a text such as "Can be Reset".

jmc

>
> >
> > I don't feel strongly about mentioning the defaults either way.
> > But i tend to think that if something is important enough to provide
> > users with a knob to tweak it, then they will probably need to know what
>
> I have a same feeling about having defaults in manpage. It's useful
> for administrators, but it's pain for developers to keep them up-to-date.
>
> I was thinking on how to address the potential 'out-of-date' problem with
> keeping manpage in sync with definitions of defaults in source code. How
> people would feel about adding yet another option to pfctl, something
> like:
>
> pfctl -s defaults
>
> This would make pfctl to print all compile time defaults. The manpage will
> just contain a reference on how to quickly find them.
Such information > will > be always up-to-date and consistent with given platform. If we say yes to > 'pfctl -s defaults', then I can update diff accordingly. I would just > remove the default values from manpage and put reference to 'pfctl -s > defaults' there (and also would extend pfctl to show them). > > > > > > > +Packets passing in or out on such interfaces are passed as if pf was > > > disabled, > > > +i.e. pf does not process them in any way. This can be useful on > > > loopback and > > > +other virtual interfaces, when packet filtering is not desired and can > > > have > > > +unexpected effects. > > > > Why are you changing these four lines? > > It seems to me you are only making lines too long and violating > > the rule "new sentence, new line". > > I believe I let vim to format the lines for me. I've adjusted the diff > to minimize divergence from cvs tree. Thanks for pointing that out. > > thanks and > regards > sashan > > 8<---8<---8<--8< > diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8 > index b7e941991ba..aa24a5de561 100644 > --- a/sbin/pfctl/pfctl.8 > +++ b/sbin/pfctl/pfctl.8 > @@ -198,7 +198,7 @@ Flush the tables. > .It Fl F Cm osfp > Flush the passive operating system fingerprints. > .It Fl F Cm Reset > -Reset limits, timeouts and options back to default settings. > +Reset limits, timeouts and other runtime options back to default settings. > .It Fl F Cm all > Flush all of the above. > .El > diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 > index 247ceef40a5..96bef3e020f 100644 > --- a/share/man/man5/pf.conf.5 > +++ b/share/man/man5/pf.conf.5 
> @@ -1130,11 +1130,23 @@ can be used. > may be tuned for various situations using the > .Ic set > command. > +There are two kinds of options: > +.Em Runtime > +options, which define parameters for the > +.Xr pf 4 > +driver and > +.Em parser > +options, which fine-tune interpretation of rules, while > +they are being loaded from the file. > +The runtime options may be restored to their default values using the > +.Xr pfctl 8 > +.Fl F Cm Reset > +option. > .Bl -tag -width Ds > .It Ic set Cm block-policy drop | return > The > .Cm block-policy > -option sets the default behaviour for the packet > +parser option sets the default behaviour for the packet > .Ic block > action: > .Pp > @@ -1146,8 +1158,13 @@ A TCP RST is returned for blocked TCP packets, > an ICMP UNREACHABLE is returned for blocked UDP packets, > and all other packets are silently dropped. > .El > +.Pp > +The default value is > +.Cm drop . > .It Ic set Cm debug Ar level > -Set the debug > +The > +.Cm debug > +runtime option sets the debug > .Ar level , > which limits the severity of log messages printed by > .Xr pf 4 . > @@ -1165,8 +1182,11 @@ and > These keywords correspond to the similar (LOG_) values specified to the > .Xr syslog 3 > library routine. > +The default value is >
Re: dwxe: resetting interface on watchdog timeout
On Wed, Apr 17, 2019 at 04:32:04PM -0700, Jungle Boogie wrote:
> On Wed 17 Apr 2019 9:44 AM, Sebastien Marie wrote:
> > Hi,
> >
> > With a pine64, I am experimenting regularly dwxe watchdog
> > timeout. Usually it is a sign that something doesn't work in the driver
> > itself.
>
> Good to know this isn't just affecting my three devices.
> Let's hope this patch gets some feedback and makes its way into the build.

you could build a kernel and test it for confirming it works as expected.

it could really help to have feedback from users.

thanks.
--
Sebastien Marie
Re: update to PF pfctl(8) and pf.conf(5) manpages
Hello Ingo, thank you for all your suggestions. I've accepted all of them. updated diff is below. let me just share some thoughts and clarifications here. > > I don't feel strongly about mentioning the defaults either way. > But i tend to think that if something is important enough to provide > users with a knob to tweak it, then they will probably need to know what I have a same feeling about having defaults in manpage. It's useful for administrators, but it's pain for developers to keep them up-to-date. I was thinking on how to address the potential 'out-of-date' problem with keeping manpage in sync with definitions of defaults in source code. How people would feel about adding yet another option to pfctl, something like: pfctl -s defaults This would make pfctl to print all compile time defaults. The manpage will just contain a reference on how to quickly find them. Such information will be always up-to-date and consistent with given platform. If we say yes to 'pfctl -s defaults', then I can update diff accordingly. I would just remove the default values from manpage and put reference to 'pfctl -s defaults' there (and also would extend pfctl to show them). > > > +Packets passing in or out on such interfaces are passed as if pf was > > disabled, > > +i.e. pf does not process them in any way. This can be useful on loopback > > and > > +other virtual interfaces, when packet filtering is not desired and can have > > +unexpected effects. > > Why are you changing these four lines? > It seems to me you are only making lines too long and violating > the rule "new sentence, new line". I believe I let vim to format the lines for me. I've adjusted the diff to minimize divergence from cvs tree. Thanks for pointing that out. thanks and regards sashan 8<---8<---8<--8< diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8 index b7e941991ba..aa24a5de561 100644 --- a/sbin/pfctl/pfctl.8 +++ b/sbin/pfctl/pfctl.8 
@@ -198,7 +198,7 @@ Flush the tables. .It Fl F Cm osfp Flush the passive operating system fingerprints. .It Fl F Cm Reset -Reset limits, timeouts and options back to default settings. +Reset limits, timeouts and other runtime options back to default settings. .It Fl F Cm all Flush all of the above. .El diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 247ceef40a5..96bef3e020f 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1130,11 +1130,23 @@ can be used. may be tuned for various situations using the .Ic set command. +There are two kinds of options: +.Em Runtime +options, which define parameters for the +.Xr pf 4 +driver and +.Em parser +options, which fine-tune interpretation of rules, while +they are being loaded from the file. +The runtime options may be restored to their default values using the +.Xr pfctl 8 +.Fl F Cm Reset +option. .Bl -tag -width Ds .It Ic set Cm block-policy drop | return The .Cm block-policy -option sets the default behaviour for the packet +parser option sets the default behaviour for the packet .Ic block action: .Pp @@ -1146,8 +1158,13 @@ A TCP RST is returned for blocked TCP packets, an ICMP UNREACHABLE is returned for blocked UDP packets, and all other packets are silently dropped. .El +.Pp +The default value is +.Cm drop . .It Ic set Cm debug Ar level -Set the debug +The +.Cm debug +runtime option sets the debug .Ar level , which limits the severity of log messages printed by .Xr pf 4 . @@ -1165,8 +1182,11 @@ and These keywords correspond to the similar (LOG_) values specified to the .Xr syslog 3 library routine. +The default value is +.Cm err . .It Cm set Cm fingerprints Ar filename -Load fingerprints of known operating systems from the given +This parser option loads fingerprints of known operating systems +from the given .Ar filename . By default fingerprints of known operating systems are automatically loaded from 
@@ -1175,10 +1195,11 @@ but can be overridden via this option. Setting this option may leave a small period of time where the fingerprints referenced by the currently active ruleset are inconsistent until the new ruleset finishes loading. +The default location for fingerprints is /etc/pf.os file. .It Ic set Cm hostid Ar number -The 32-bit hostid -.Ar number -identifies this firewall's state table entries to other firewalls +This runtime option specifies a 32-bit hostid +.Ar number , +which identifies this firewall's state table entries to other firewalls in a .Xr pfsync 4 failover cluster. @@ -1186,11 +1207,18 @@ By default the hostid is set to a pseudo-random value, however it may be desirable to manually configure it, for example to more easily identify the source of state table entries. The hostid may be specified in either decimal or hexadecimal. +The +.Cm hostid +option value does not get changed by +.Xr pfctl 8 +.Fl F +.Cm Reset . .It Ic set
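Review bot: the introduction added at @@ -1130 writes ".Em Runtime" with a capital and ".Em parser" in lower case, and "driver and" runs the two definitions together without a comma. Use the same case for both terms and put a comma after "driver" so the sentence reads as two parallel definitions.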
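Review bot: in the fingerprints entry, the added line "The default location for fingerprints is /etc/pf.os file." gives the path as plain text and repeats what the unchanged sentence "By default fingerprints of known operating systems are automatically loaded from" already says. Either drop the new sentence or mark the path up with .Pa and leave out the trailing "file".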
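Review bot: the hostid text now contradicts the new introduction. hostid is introduced as "This runtime option" and the hunk at @@ -1186 adds that its value "does not get changed by" pfctl -F Reset, while the introduction states "The runtime options may be restored to their default values" using pfctl -F Reset. Qualify the introduction (for example by naming hostid as the exception there) so a reader who only reads the overview is not misled about what Reset touches.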
Re: dwxe: resetting interface on watchdog timeout
On Wed 17 Apr 2019 9:44 AM, Sebastien Marie wrote:
> Hi,
>
> With a pine64, I am experimenting regularly dwxe watchdog
> timeout. Usually it is a sign that something doesn't work in the driver
> itself.

Good to know this isn't just affecting my three devices.
Let's hope this patch gets some feedback and makes its way into the build.
Re: [PATCH] [www] cvsync.html - use class="cmdbox"
On Wed, Apr 17, 2019 at 10:53:54PM BST, Theo Buehler wrote: > On Wed, Apr 17, 2019 at 11:34:56PM +0200, Solene Rapenne wrote: > > On Wed, Apr 17, 2019 at 09:55:26PM +0100, Raf Czlonka wrote: > > > Hi all, > > > > > > Similar to other pages[0][1], use class="cmdbox", add prompt character > > > where appropriate, and remove superfluous indentation while there. > > > > > > [0] https://www.openbsd.org/anoncvs.html > > > [1] https://www.openbsd.org/ddb.html > > > > > > Regards, > > > > > > Raf > > > > this looks much better with this > > > > ok solene@ > > > > Please send a diff for www/build/mirrors/cvsync.html.* instead After cvsync.html -> build/mirrors/cvsync.html.head change, the patch applies just fine but, as requested, re-done for the build/mirrors/cvsync.html.head below anyway. > hiro$ head -1 cvsync.html > Arghhh... force of habit: $ vi +/pre cvsync.html :^P Cheers, Raf Index: build/mirrors/cvsync.html.head === RCS file: /cvs/www/build/mirrors/cvsync.html.head,v retrieving revision 1.36 diff -u -p -r1.36 cvsync.html.head --- build/mirrors/cvsync.html.head 2 Apr 2018 02:48:19 - 1.36 +++ build/mirrors/cvsync.html.head 17 Apr 2019 22:37:34 - @@ -57,8 +57,8 @@ CVS is part of OpenBSD's base system. CVSync is an entirely different program and can be installed from packages: - -pkg_add cvsync + +# pkg_add cvsync Do not build your own copy from unmodified upstream source - @@ -69,17 +69,17 @@ used in the OpenBSD repository. In order to mirror the OpenBSD repository with CVSync, the following configuration file might be used: - - config { - hostname anoncvs.eu.openbsd.org - # If your network link is a T1 or faster, comment out the following line. - compress - collection { - name openbsd release rcs - prefix /cvs - umask 002 - } - } + +config { +hostname anoncvs.eu.openbsd.org +# If your network link is a T1 or faster, comment out the following line. +compress +collection { + name openbsd release rcs + prefix /cvs + umask 002 +} +} 
@@ -93,8 +93,8 @@ The local copy of the files are stored i Assuming this file is saved as cvs-syncfile, the following command would be used to invoke cvsync - -cvsync -c cvs-syncfile + +$ cvsync -c cvs-syncfile Getting Started Using Rsync @@ -104,13 +104,13 @@ file synchronization program. Again this should be installed from packages. Two flavours are available: - - # pkg_add rsync - Ambiguous: choose package for rsync - a 0: - 1: rsync-3.1.2p0 - 2: rsync-3.1.2p0-iconv - Your choice: + +# pkg_add rsync +Ambiguous: choose package for rsync +a 0: + 1: rsync-3.1.2p0 + 2: rsync-3.1.2p0-iconv +Your choice: Unless you have other requirements, simply install the standard version @@ -118,15 +118,15 @@ Unless you have other requirements, simp You can select the flavour on the command-line to avoid pkg_add(1) prompting for the version like so: - - pkg_add rsync-- + +# pkg_add rsync-- In order to mirror the OpenBSD repository with rsync, the following command line might be used: - - rsync -avz --delete rsync://obsdacvs.cs.toronto.edu/obsdcvs/ /cvs/ + +$ rsync -avz --delete rsync://obsdacvs.cs.toronto.edu/obsdcvs/ /cvs/ Using CVS to Work With Your Repository @@ -135,10 +135,10 @@ Now that you have a local copy of the CV to check out, update, or do any of the other CVS operations you would normally do against a remote repository, locally. For example: - -cvs -d/cvs checkout -P src -cvs -d/cvs up -Pd -cvs -d/cvs diff -u file.c + +$ cvs -d/cvs checkout -P src +$ cvs -d/cvs up -Pd +$ cvs -d/cvs diff -u file.c More details on CVS operation can be found in FAQ5, Fetching appropriate source
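Review bot: the cvsync and rsync invocations get a "$" prompt, which tells the reader to run them as an unprivileged user, yet both write below /cvs ("prefix /cvs" in the configuration, "/cvs/" as the rsync destination). If the page does not already say which user owns /cvs, add one sentence stating that the mirroring user needs write access there, so the prompt choice does not lead readers to fall back to running the sync as root.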
Re: [PATCH] [www] cvsync.html - use class="cmdbox"
On Wed, Apr 17, 2019 at 11:34:56PM +0200, Solene Rapenne wrote:
> On Wed, Apr 17, 2019 at 09:55:26PM +0100, Raf Czlonka wrote:
> > Hi all,
> >
> > Similar to other pages[0][1], use class="cmdbox", add prompt character
> > where appropriate, and remove superfluous indentation while there.
> >
> > [0] https://www.openbsd.org/anoncvs.html
> > [1] https://www.openbsd.org/ddb.html
> >
> > Regards,
> >
> > Raf
>
> this looks much better with this
>
> ok solene@
>

Please send a diff for www/build/mirrors/cvsync.html.* instead

hiro$ head -1 cvsync.html
Re: [PATCH] [www] cvsync.html - use class="cmdbox"
On Wed, Apr 17, 2019 at 09:55:26PM +0100, Raf Czlonka wrote:
> Hi all,
>
> Similar to other pages[0][1], use class="cmdbox", add prompt character
> where appropriate, and remove superfluous indentation while there.
>
> [0] https://www.openbsd.org/anoncvs.html
> [1] https://www.openbsd.org/ddb.html
>
> Regards,
>
> Raf

this looks much better with this

ok solene@
[PATCH] [www] cvsync.html - use class="cmdbox"
Hi all, Similar to other pages[0][1], use class="cmdbox", add prompt character where appropriate, and remove superfluous indentation while there. [0] https://www.openbsd.org/anoncvs.html [1] https://www.openbsd.org/ddb.html Regards, Raf Index: cvsync.html === RCS file: /cvs/www/cvsync.html,v retrieving revision 1.141 diff -u -p -r1.141 cvsync.html --- cvsync.html 6 Apr 2018 23:41:34 - 1.141 +++ cvsync.html 13 Apr 2019 07:21:21 - @@ -57,8 +57,8 @@ CVS is part of OpenBSD's base system. CVSync is an entirely different program and can be installed from packages: - -pkg_add cvsync + +# pkg_add cvsync Do not build your own copy from unmodified upstream source - @@ -69,17 +69,17 @@ used in the OpenBSD repository. In order to mirror the OpenBSD repository with CVSync, the following configuration file might be used: - - config { - hostname anoncvs.eu.openbsd.org - # If your network link is a T1 or faster, comment out the following line. - compress - collection { - name openbsd release rcs - prefix /cvs - umask 002 - } - } + +config { +hostname anoncvs.eu.openbsd.org +# If your network link is a T1 or faster, comment out the following line. +compress +collection { + name openbsd release rcs + prefix /cvs + umask 002 +} +} @@ -93,8 +93,8 @@ The local copy of the files are stored i Assuming this file is saved as cvs-syncfile, the following command would be used to invoke cvsync - -cvsync -c cvs-syncfile + +$ cvsync -c cvs-syncfile Getting Started Using Rsync @@ -104,13 +104,13 @@ file synchronization program. Again this should be installed from packages. Two flavours are available: - - # pkg_add rsync - Ambiguous: choose package for rsync - a 0: - 1: rsync-3.1.2p0 - 2: rsync-3.1.2p0-iconv - Your choice: + +# pkg_add rsync +Ambiguous: choose package for rsync +a 0: + 1: rsync-3.1.2p0 + 2: rsync-3.1.2p0-iconv +Your choice: Unless you have other requirements, simply install the standard version 
@@ -118,15 +118,15 @@ Unless you have other requirements, simp You can select the flavour on the command-line to avoid pkg_add(1) prompting for the version like so: - - pkg_add rsync-- + +# pkg_add rsync-- In order to mirror the OpenBSD repository with rsync, the following command line might be used: - - rsync -avz --delete rsync://obsdacvs.cs.toronto.edu/obsdcvs/ /cvs/ + +$ rsync -avz --delete rsync://obsdacvs.cs.toronto.edu/obsdcvs/ /cvs/ Using CVS to Work With Your Repository @@ -135,10 +135,10 @@ Now that you have a local copy of the CV to check out, update, or do any of the other CVS operations you would normally do against a remote repository, locally. For example: - -cvs -d/cvs checkout -P src -cvs -d/cvs up -Pd -cvs -d/cvs diff -u file.c + +$ cvs -d/cvs checkout -P src +$ cvs -d/cvs up -Pd +$ cvs -d/cvs diff -u file.c More details on CVS operation can be found in FAQ5, Fetching appropriate source
Re: libevent: Protect integer multiplications (min_heap)
On Wed, Apr 17, 2019 at 11:34:36AM -0400, Ted Unangst wrote: > Theo de Raadt wrote: > > So the diff presented falls short of what should be done here; > > insufficient lines deleted. > > we're not getting to the fun part yet, but this unfold some complex operations > to assist human readers. > > -min_child -= min_child == s->n || > min_heap_elem_greater(s->p[min_child], s->p[min_child - 1]); > + if (min_child == s->n || > + min_heap_elem_greater(s->p[min_child], s->p[min_child - 1])) > + min_child -= 1; > > that one really stands out as kinda not the normal way of doing things. > > (and then reformat to be knf, but after changes that require review.) Looks good to me. If the regress tests agree, ok, -Otto > > Index: min_heap.h > === > RCS file: /home/cvs/src/lib/libevent/min_heap.h,v > retrieving revision 1.3 > diff -u -p -r1.3 min_heap.h > --- min_heap.h29 Oct 2014 22:47:29 - 1.3 > +++ min_heap.h17 Apr 2019 15:30:02 - > @@ -112,7 +112,7 @@ int min_heap_reserve(min_heap_t* s, unsi > unsigned a = s->a ? s->a * 2 : 8; > if(a < n) > a = n; > -if(!(p = (struct event**)realloc(s->p, a * sizeof *p))) > +if(!(p = realloc(s->p, a * sizeof *p))) > return -1; > s->p = p; > s->a = a; > @@ -125,11 +125,13 @@ void min_heap_shift_up_(min_heap_t* s, u > unsigned parent = (hole_index - 1) / 2; > while(hole_index && min_heap_elem_greater(s->p[parent], e)) > { > -(s->p[hole_index] = s->p[parent])->min_heap_idx = hole_index; > +s->p[hole_index] = s->p[parent]; > +s->p[hole_index]->min_heap_idx = hole_index; > hole_index = parent; > parent = (hole_index - 1) / 2; > } > -(s->p[hole_index] = e)->min_heap_idx = hole_index; > +e->min_heap_idx = hole_index; > +s->p[hole_index] = e; > } > > void min_heap_shift_down_(min_heap_t* s, unsigned hole_index, struct event* > e) 
> @@ -137,10 +139,13 @@ void min_heap_shift_down_(min_heap_t* s, > unsigned min_child = 2 * (hole_index + 1); > while(min_child <= s->n) > { > -min_child -= min_child == s->n || > min_heap_elem_greater(s->p[min_child], s->p[min_child - 1]); > + if (min_child == s->n || > + min_heap_elem_greater(s->p[min_child], s->p[min_child - 1])) > + min_child -= 1; > if(!(min_heap_elem_greater(e, s->p[min_child]))) > break; > -(s->p[hole_index] = s->p[min_child])->min_heap_idx = hole_index; > +s->p[hole_index] = s->p[min_child]; > +s->p[hole_index]->min_heap_idx = hole_index; > hole_index = min_child; > min_child = 2 * (hole_index + 1); > } >
Re: dwxe: resetting interface on watchdog timeout
On Wed, Apr 17, 2019 at 09:44:43AM +0200, Sebastien Marie wrote:
> Hi,
>
> With a pine64, I am experimenting regularly dwxe watchdog
> timeout. Usually it is a sign that something doesn't work in the driver
> itself.
>
> The problem I am facing currently is when watchdog timeout occurs,
> the interface is unusable. And so I need another system connected
> permanently to serial in order to login and reboot the board to get it
> working.
>
> The following diff is still a workaround for the underlying driver
> problem. It tries to reset the interface when watchdog timeout
> occurs. But at least, the board could come back in a more accessible
> state.
>
> When a watchdog timeout occurs, it will try to:
> - down the interface (if it is up)
> - reset it
> - up the interface (if it called down previously)
>
> With it, I have a "stable" connection to the board via network.
>
> Comments or OK ?
> --
> Sebastien Marie
>
>

Just to add here, in my TESTS for 6.5, all of my 20 or so PINE64s have had a really tough time with dwxe(4). I have had to put all of them into 10baseT mode. Previously, they all had "media 100baseTX" in their /etc/hostname.dwxe0 (and these are supposedly 1Gb devices), so even in the past it has been really flaky.

If this helps improve things, I'm all for it, but you should probably get oks from someone who knows the driver better.

-ml

> Index: if_dwxe.c > === > RCS file: /cvs/src/sys/dev/fdt/if_dwxe.c,v > retrieving revision 1.11 > diff -u -p -r1.11 if_dwxe.c > --- if_dwxe.c 3 Jan 2019 00:59:58 - 1.11 > +++ if_dwxe.c 15 Apr 2019 10:21:39 - 
> @@ -687,7 +687,21 @@ dwxe_ioctl(struct ifnet *ifp, u_long cmd > void > dwxe_watchdog(struct ifnet *ifp) > { > - printf("%s\n", __func__); > + struct dwxe_softc *sc = ifp->if_softc; > + int down_up = 0; > + > + printf("%s: watchdog timeout\n", sc->sc_dev.dv_xname); > + ifp->if_oerrors++; > + > + if (ifp->if_flags & IFF_RUNNING) { > + down_up = 1; > + dwxe_down(sc); > + } > + > + dwxe_reset(sc); > + > + if (down_up == 1) > + dwxe_up(sc); > } > > int >
Re: libevent: Protect integer multiplications (min_heap)
Theo de Raadt wrote:
> So the diff presented falls short of what should be done here;
> insufficient lines deleted.

we're not getting to the fun part yet, but this unfolds some complex operations to assist human readers.

-min_child -= min_child == s->n || min_heap_elem_greater(s->p[min_child], s->p[min_child - 1]); + if (min_child == s->n || + min_heap_elem_greater(s->p[min_child], s->p[min_child - 1])) + min_child -= 1;

that one really stands out as kinda not the normal way of doing things.

(and then reformat to be knf, but after changes that require review.)

Index: min_heap.h === RCS file: /home/cvs/src/lib/libevent/min_heap.h,v retrieving revision 1.3 diff -u -p -r1.3 min_heap.h --- min_heap.h 29 Oct 2014 22:47:29 - 1.3 +++ min_heap.h 17 Apr 2019 15:30:02 - @@ -112,7 +112,7 @@ int min_heap_reserve(min_heap_t* s, unsi unsigned a = s->a ? s->a * 2 : 8; if(a < n) a = n; -if(!(p = (struct event**)realloc(s->p, a * sizeof *p))) +if(!(p = realloc(s->p, a * sizeof *p))) return -1; s->p = p; s->a = a; @@ -125,11 +125,13 @@ void min_heap_shift_up_(min_heap_t* s, u unsigned parent = (hole_index - 1) / 2; while(hole_index && min_heap_elem_greater(s->p[parent], e)) { -(s->p[hole_index] = s->p[parent])->min_heap_idx = hole_index; +s->p[hole_index] = s->p[parent]; +s->p[hole_index]->min_heap_idx = hole_index; hole_index = parent; parent = (hole_index - 1) / 2; } -(s->p[hole_index] = e)->min_heap_idx = hole_index; +e->min_heap_idx = hole_index; +s->p[hole_index] = e; } void min_heap_shift_down_(min_heap_t* s, unsigned hole_index, struct event* e) 
@@ -137,10 +139,13 @@ void min_heap_shift_down_(min_heap_t* s, unsigned min_child = 2 * (hole_index + 1); while(min_child <= s->n) { -min_child -= min_child == s->n || min_heap_elem_greater(s->p[min_child], s->p[min_child - 1]); + if (min_child == s->n || + min_heap_elem_greater(s->p[min_child], s->p[min_child - 1])) + min_child -= 1; if(!(min_heap_elem_greater(e, s->p[min_child]))) break; -(s->p[hole_index] = s->p[min_child])->min_heap_idx = hole_index; +s->p[hole_index] = s->p[min_child]; +s->p[hole_index]->min_heap_idx = hole_index; hole_index = min_child; min_child = 2 * (hole_index + 1); }
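Review bot: in the min_heap_reserve hunk (@@ -112) the size handed to realloc is still the unchecked product "a * sizeof *p"; dropping the cast does not change that, and on a platform where size_t is 32 bits the product can wrap and yield a buffer smaller than the heap expects. Given the subject of the thread, this is the line to convert, e.g. reallocarray(s->p, a, sizeof *p), which fails instead of wrapping.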
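Review bot: the last replacement in min_heap_shift_up_ (@@ -125) sets e->min_heap_idx before storing e into s->p[hole_index], whereas the loop body just above it and the shift_down hunk store into the slot first and then set the index through the slot. The results are the same, but since the point of the change is readability, use one order throughout.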
Re: Switch powerpc to big PIC
> Date: Tue, 5 Feb 2019 21:57:31 +0100 (CET) > From: Mark Kettenis > > The architecture already has big PIE. The issue is that clang doesn't > support secure-plt for small pic. I haven't entirely figured out > what's going on here and we probably need some further fixes to clang > here. On the other hand I think it is probably time to recognize > there is more and more bloat in the world. > > Thoughts? I'd like to move ahead with this now that the tree is unlocked. ok? > Index: share/mk/bsd.own.mk > === > RCS file: /cvs/src/share/mk/bsd.own.mk,v > retrieving revision 1.194 > diff -u -p -r1.194 bsd.own.mk > --- share/mk/bsd.own.mk 28 Jan 2019 17:42:38 - 1.194 > +++ share/mk/bsd.own.mk 5 Feb 2019 19:20:33 - > @@ -137,7 +137,8 @@ STATIC?= -static ${STATICPIE} > #SYS_INCLUDE=symlinks > > # pic relocation flags. > -.if (${MACHINE_ARCH} == "alpha") || (${MACHINE_ARCH} == "sparc64") > +.if ${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \ > +${MACHINE_ARCH} == "sparc64" > PICFLAG?=-fPIC > .else > PICFLAG?=-fpic > >
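Review bot: the .if condition gains powerpc without recording why, and the only comment nearby is "# pic relocation flags.". The reason given in the message (clang does not support secure-plt for small pic on this architecture) should go into that comment, so the entry can be revisited once clang is fixed instead of becoming permanent by accident.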
Re: pfctl should check pfctl.astack is not overrun
On Wed, Apr 17, 2019 at 03:06:16PM +0200, Petr Hoffmann wrote:
> I noticed pfctl crashes on segfault when anchors go too deep:

Yes, I've already seen this at some point but didn't get around to fixing it properly - thanks for the reminder.

> It seems there is no check we fit into pfctl.astack[]. The attached
> patch resolves this issue:

Fixing the parser alone does not suffice:

# echo block | pfctl -a $(jot -s/ 66) -f-
# pfctl -vsA -a1 | wc -l
65

/sys/net/pf.c 160:#define PF_ANCHOR_STACK_MAX 64

This limit is not hit in my example; I have not yet spent time on this, but I think the kernel should refuse this.

> diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y > index 1e7ce21..5e19c5f39da 100644 > --- a/sbin/pfctl/parse.y > +++ b/sbin/pfctl/parse.y > @@ -846,6 +846,8 @@ pfa_anchor: '{' > > /* steping into a brace anchor */ > pf->asd++; > + if (pf->asd >= PFCTL_ANCHOR_STACK_DEPTH) > + errx(1, "pfa_anchor: anchors too deep");

This looks sane.

> pf->bn++; > pf->brace = 1; >
pfctl should check pfctl.astack is not overrun
Hi,

I noticed pfctl crashes on segfault when anchors go too deep:

--8<---
$ cat ~/pf.conf | head -5
anchor foo {
anchor foo {
anchor foo {
anchor foo {
anchor foo {
$ grep anchor ~/pf.conf | wc -l
66
$ /sbin/pfctl -nf ~/pf.conf
Segmentation fault (core dumped)
--->8--

It seems there is no check we fit into pfctl.astack[]. The attached patch resolves this issue:

--8<---
$ ./pfctl -nf ~/pf.conf
pfctl: pfa_anchor: anchors too deep
$ grep anchor ~/pf2.conf | wc -l
63
$ ./pfctl -nf ~/pf2.conf
$
--->8--

Petr

diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 1e7ce21..5e19c5f39da 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -846,6 +846,8 @@ pfa_anchor : '{' /* steping into a brace anchor */ pf->asd++; + if (pf->asd >= PFCTL_ANCHOR_STACK_DEPTH) + errx(1, "pfa_anchor: anchors too deep"); pf->bn++; pf->brace = 1;
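Review bot: the new depth check in pfa_anchor leaves through errx(1, ...), so the user learns that anchors are too deep but not at which line of the ruleset the limit was crossed. If the surrounding grammar rules report problems through the parser's own error routine, doing the same here would add file and line number to the message. The runs shown cover 66 and 63 nested anchors; a ruleset at exactly PFCTL_ANCHOR_STACK_DEPTH levels would confirm that ">=" is the right boundary for the size of pfctl.astack[].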
dwxe: resetting interface on watchdog timeout
Hi,

With a pine64, I am experimenting regularly dwxe watchdog timeout. Usually it is a sign that something doesn't work in the driver itself.

The problem I am facing currently is when watchdog timeout occurs, the interface is unusable. And so I need another system connected permanently to serial in order to login and reboot the board to get it working.

The following diff is still a workaround for the underlying driver problem. It tries to reset the interface when watchdog timeout occurs. But at least, the board could come back in a more accessible state.

When a watchdog timeout occurs, it will try to:
- down the interface (if it is up)
- reset it
- up the interface (if it called down previously)

With it, I have a "stable" connection to the board via network.

Comments or OK ?
--
Sebastien Marie

Index: if_dwxe.c === RCS file: /cvs/src/sys/dev/fdt/if_dwxe.c,v retrieving revision 1.11 diff -u -p -r1.11 if_dwxe.c --- if_dwxe.c 3 Jan 2019 00:59:58 - 1.11 +++ if_dwxe.c 15 Apr 2019 10:21:39 - @@ -687,7 +687,21 @@ dwxe_ioctl(struct ifnet *ifp, u_long cmd void dwxe_watchdog(struct ifnet *ifp) { - printf("%s\n", __func__); + struct dwxe_softc *sc = ifp->if_softc; + int down_up = 0; + + printf("%s: watchdog timeout\n", sc->sc_dev.dv_xname); + ifp->if_oerrors++; + + if (ifp->if_flags & IFF_RUNNING) { + down_up = 1; + dwxe_down(sc); + } + + dwxe_reset(sc); + + if (down_up == 1) + dwxe_up(sc); } int
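Review bot: dwxe_reset(sc) in dwxe_watchdog is called unconditionally, so it also runs when IFF_RUNNING is clear and dwxe_down() was skipped. If a reset only makes sense for an interface that was running, move it inside the IFF_RUNNING branch so the sequence is down, reset, up or nothing at all; the down_up flag then becomes unnecessary. The function also carries no comment saying that this is a workaround for an unresolved driver problem, which the message states plainly; one line to that effect would keep the recovery path from hiding the root cause.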